Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Compose + Tailscale Plugin Compatibility

Featured Replies

Hello,

 

I'm excited to try out the Tailscale container level compatibility in 7.0. I was doing some docker inspecting and reviewing the Uncast episode that demonstrated some of this. I was trying to replicate the implementation with my existing docker compose .yml files as this would allow me to continue to manage IaC without being locked in to the Unraid GUI.

 

I've been facing some challenges however. One container failed to execute the entrypoint and stated it could not be found, perhaps due to a lack of a shell? (traefik/whoami)

 

I did a more direct test with apprise-api side by side with the apprise plugin from the community store. It starts, installs Tailscale, I add the machine to the list of machines, but upon container restart it fails to move past that point and launch the actual application.

 

1) Is it expected I should be able to do this assuming the compose values are correct? I assume I'd have to hard code in things that are auto-populated in the dockerman version, such as the Tailscale webui values.

 

2) Assuming 1 is yes, can someone help me look at this? Here are some logs and compose info. For reference, I've tried both with and without my TZ/UID/PID environmental flags commented out.

 

Thank you.

 

2025-01-13T21:42:28.658026353Z =======================
2025-01-13T21:42:28.658045082Z 
2025-01-13T21:42:28.658052166Z Executing Unraid Docker Hook for Tailscale
2025-01-13T21:42:28.658055752Z 
2025-01-13T21:42:28.662799998Z Detecting Package Manager...
2025-01-13T21:42:28.663373501Z Detected Advanced Package Tool!
2025-01-13T21:42:28.663387540Z Installing packages...
2025-01-13T21:42:28.663392067Z Please wait...
2025-01-13T21:42:31.796819517Z Packages installed!
2025-01-13T21:42:31.796841812Z Tailscale not found, downloading...
2025-01-13T21:42:31.796844787Z Please wait...
/tmp/tailscale/tail 100%[===================>]  28.57M  85.1MB/s    in 0.3s    
2025-01-13T21:42:33.024833968Z Download from Tailscale version 1.78.1 successful!
2025-01-13T21:42:33.481354719Z Installation Done!
2025-01-13T21:42:33.481378170Z Settings Tailscale state dir to: /.tailscale_state
2025-01-13T21:42:33.481398240Z Setting host name to "apprise"
2025-01-13T21:42:33.482520183Z Starting tailscaled with log file location: /var/log/tailscaled
2025-01-13T21:42:33.482581133Z Starting tailscale
2025-01-13T21:42:37.958552452Z Some peers are advertising routes but --accept-routes is false
2025-01-13T21:42:38.036568706Z WARNING: Tailscale Key will expire in 179 days.
2025-01-13T21:42:38.036591501Z          Navigate to https://login.tailscale.com/admin/machines and 'Disable Key Expiry' for apprise
2025-01-13T21:42:38.036595714Z See: https://tailscale.com/kb/1028/key-expiry
2025-01-13T21:42:38.036600675Z Enabling Serve! See https://tailscale.com/kb/1312/serve
2025-01-13T21:42:38.041699865Z Available within your tailnet:
2025-01-13T21:42:38.041719067Z 
2025-01-13T21:42:38.041722195Z https://apprise.mytailnethere.ts.net/
2025-01-13T21:42:38.041724397Z |-- proxy http://localhost:8000
2025-01-13T21:42:38.041726813Z 
2025-01-13T21:42:38.041729066Z Serve started and running in the background.
2025-01-13T21:42:38.060279684Z Starting container...
2025-01-13T21:42:38.060298082Z 
2025-01-13T21:42:38.060301060Z =======================
2025-01-13T21:42:38.060303343Z 
2025-01-13T21:42:39.432244595Z =======================
2025-01-13T21:42:39.432257776Z 
2025-01-13T21:42:39.432260558Z Executing Unraid Docker Hook for Tailscale
2025-01-13T21:42:39.432262620Z 
2025-01-13T21:42:39.433416112Z Tailscale found, continuing...
2025-01-13T21:42:39.433429799Z Settings Tailscale state dir to: /.tailscale_state
2025-01-13T21:42:39.433458431Z Setting host name to "apprise"
2025-01-13T21:42:39.434202121Z Starting tailscaled with log file location: /var/log/tailscaled
2025-01-13T21:42:39.434246604Z Starting tailscale
2025-01-13T21:42:41.870132753Z Some peers are advertising routes but --accept-routes is false
2025-01-13T21:42:41.960053499Z WARNING: Tailscale Key will expire in 179 days.
2025-01-13T21:42:41.960083986Z          Navigate to https://login.tailscale.com/admin/machines and 'Disable Key Expiry' for apprise
2025-01-13T21:42:41.960088881Z See: https://tailscale.com/kb/1028/key-expiry
2025-01-13T21:42:41.960092263Z Enabling Serve! See https://tailscale.com/kb/1312/serve
2025-01-13T21:42:41.966385398Z Available within your tailnet:
2025-01-13T21:42:41.966416700Z 
2025-01-13T21:42:41.966420417Z https://apprise.mytailnethere.ts.net/
2025-01-13T21:42:41.966423352Z |-- proxy http://localhost:8000
2025-01-13T21:42:41.966426371Z 
2025-01-13T21:42:41.966429264Z Serve started and running in the background.
2025-01-13T21:42:41.994140523Z Starting container...
2025-01-13T21:42:41.994168707Z 
2025-01-13T21:42:41.994173447Z =======================
2025-01-13T21:42:41.994177048Z


 

services:
  apprise:
    image: caronc/apprise:latest
    container_name: apprise
    restart: unless-stopped
    profiles: ["all", "core", "notify"]
    networks:
      web-proxy:
      app-bridge:
      gluetun-bridge:
        ipv4_address: ${IPV4_ADDR_APPRISE}
    ports:
      - ${PORT_APPRISE:-8000}:8000
    entrypoint:
      - /opt/unraid/tailscale
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - ${APPDATA_DIR}/apprise/config:/config
      - ${APPDATA_DIR}/apprise/plugin:/plugin
      - ${APPDATA_DIR}/apprise/attach:/attach
      - ${TAILSCALE_DIR}/apprise:/.tailscale_state
      - /usr/local/share/docker/tailscale_container_hook:/opt/unraid/tailscale
    environment:
      TZ: ${TZ}
      PUID: ${PUID}
      PGID: ${PGID}
      APPRISE_STATEFUL_MODE: simple
      APPRISE_WORKER_COUNT: 1
      APPRISE_CONFIG_LOCK: no
      TAILSCALE_ALLOW_LAN_ACCESS: false
      TAILSCALE_USE_SSH: false
      TAILSCALE_USERSPACE_NETWORKING: false
      TAILSCALE_SERVE_PORT: 8000
      TAILSCALE_HOSTNAME: apprise
      #TAILSCALE_FUNNEL: true # funnel mode 
      TAILSCALE_STATE_DIR: /.tailscale_state
    labels:
      logging.promtail: true
      traefik.enable: true
      traefik.docker.network: ${PROXY_NETWORK}
      traefik.http.routers.apprise.entrypoints: https
      traefik.http.routers.apprise.rule: Host(`${SUBDOMAIN_APPRISE}.${DOMAINNAME}`)
      traefik.http.routers.apprise.middlewares: chain-private@file
      traefik.http.services.apprise.loadbalancer.server.port: 8000
      net.unraid.docker.managed: composeman
      net.unraid.docker.webui: https://${SUBDOMAIN_APPRISE}.${DOMAINNAME}
      net.unraid.docker.icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/apprise-api-logo.png
      net.unraid.docker.tailscale.webui: https://apprise.mytailnethere.ts.net
      net.unraid.docker.tailscale.hostname: apprise
      homepage.instance.adam.group: Notifications
      homepage.instance.adam.name: Apprise CLI
      homepage.instance.adam.icon: apprise.png
      homepage.instance.adam.href: https://${SUBDOMAIN_APPRISE}.${DOMAINNAME}
      homepage.instance.adam.description: Apprise managed configurations GUI

 

 

Edited by adamfl
Old diags attached - removed

Solved by EDACerton

  • Solution

If you're already using Compose, I would recommend using either TDSProxy or Tailscale sidecar containers instead of trying to invoke the Tailscale injection provided by Unraid 7. Either of those tools are better/safer than trying to modify containers on the fly.

  • Author
3 hours ago, EDACerton said:

If you're already using Compose, I would recommend using either TDSProxy or Tailscale sidecar containers instead of trying to invoke the Tailscale injection provided by Unraid 7. Either of those tools are better/safer than trying to modify containers on the fly.

 

I will check out TSDProxy. What I didn't like about the sidecar Tailscale container approach (though quite easy it seems) is the 1:1 relationship of the containers. I also was looking at some reddit threads where people were doing a sidecar only for Traefik or Caddy and then trying to serve both ts.net and their FQDN URLs all from the proxy.

 

If you have any tips, happy to learn more!

5 hours ago, adamfl said:

If you have any tips, happy to learn more!

I would also recommend TDSProxy or even the Tailscale sidecar method if you are using compose.

 

  • Author

I've got TSDProxy set up and that's playing nicely, but now I'm trying to get Traefik to play nice with Tailscale directly. I tried using Tailscale serve to redirect incoming traffic via Tailscale to a specific Traefik entrypoint so I wouldn't have to do like, portainer.mydomain.com:8443 instead of :443 to load the Tailscale route, but without Traefik in host mode it's just a PITA. I think I'll either land on just using the TDSProxy URLs in my homepage dashboard for non-shared apps and remove them from Traefik, or keep an ipAllowList and forwardAuth in front of their internet addressable URLs on my FQDN.

 

I'm using NextDNS and split horizon DNS for publicly accessible apps currently, and only private DNS lookups for non-public apps.

 

 

  • 4 months later...
  • 3 weeks later...

I'll have a look at TSDProxy. The 1:1 link between the containers is what I disliked about the sidecar Tailscale container technique, despite the fact that it appears to be quite simple. Additionally, I was examining several Reddit posts where users were performing sidecars exclusively for Traefik.

speed stars

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.